Due to the nature of round_up(), its first argument is
decremented by one. drm_suballoc_hole_soffset() may return 0,
which is then passed to round_up() and may wrap around.
Remedy that by adding a guard against that value.

Fixes: 849ee8a2f0df ("drm/suballoc: Extract amdgpu_sa.c as generic suballocation helper")
Cc: Maarten Lankhorst <maarten.lankho...@linux.intel.com>
Cc: <sta...@vger.kernel.org> # v6.4+
Signed-off-by: Krzysztof Karas <krzysztof.ka...@intel.com>
---
 drivers/gpu/drm/drm_suballoc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_suballoc.c b/drivers/gpu/drm/drm_suballoc.c
index 879ea33dbbc4..7f01e9d9fcfd 100644
--- a/drivers/gpu/drm/drm_suballoc.c
+++ b/drivers/gpu/drm/drm_suballoc.c
@@ -165,11 +165,13 @@ static bool drm_suballoc_try_alloc(struct 
drm_suballoc_manager *sa_manager,
                                   struct drm_suballoc *sa,
                                   size_t size, size_t align)
 {
-       size_t soffset, eoffset, wasted;
+       size_t soffset, eoffset, wasted = 0;
 
        soffset = drm_suballoc_hole_soffset(sa_manager);
        eoffset = drm_suballoc_hole_eoffset(sa_manager);
-       wasted = round_up(soffset, align) - soffset;
+
+       if (soffset)
+               wasted = round_up(soffset, align) - soffset;
 
        if ((eoffset - soffset) >= (size + wasted)) {
                soffset += wasted;
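Review bot: The `if (soffset)` guard around `wasted = round_up(soffset, align) - soffset;` does not appear to change the computed value. soffset is a size_t, so the decrement inside round_up() wraps in well-defined unsigned arithmetic, and for a power-of-two align the kernel macro's trailing +1 brings the result back to 0, which gives wasted == 0 with or without the guard. The commit message says the value "may wrap around" but not what incorrect result or tool report was observed; please state that, and if the change only quiets an analyzer or improves readability, reconsider the Fixes: and stable tags. If the guard stays, a one-line comment above it saying why a zero offset is special-cased would help, since the new `wasted = 0` initializer now handles that case silently.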
-- 
2.34.1
